MS&AD Insurance Group Holdings, Inc.
Given the importance of protecting personal information, MS&AD Insurance Group Holdings, Inc. (hereinafter “we”) will strictly adhere to the Act on the Protection of Personal Information (hereinafter “Personal Information Protection Act”) the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures (hereinafter “My Number Act”), as well as other laws, regulations and guidelines to properly handle personal information and take appropriate secure management measures.
We will also ensure that personal information is not mishandled, and will properly educate and supervise those who are engaged in business operations, etc. on the appropriate handling of personal information. We will continue to review and improve our handling of personal information and our methods for secure management.
1. Collection of Personal Information
We will obtain personal information to the extent necessary for business in a fair and legitimate manner. We may also obtain personal information (excluding individual numbers and specific personal information as specified in 7 below) from phone calls involving questions and consultations, which will be recorded to accurately record their content.
2. Purposes of Use of Personal Information
We will also notify individual respondents of or make public our purposes for using the personal information (excluding individual numbers and specific personal information; See 7 below.) and use it only to the extent necessary to accomplish the following purposes. We will define the purposes of use clearly for respondents to understand and we announce it on a Web site as in the following. We limit the purposes of use to an extent relevant to specific cases where personal information is obtained. In cases where obtained personal information is intended to be used beyond the extent necessary to accomplish the said purposes, we should acquire consent from the relevant individuals to such use unless it meet any item of Article 16, paragraph (3) of the Act on the Protection of Personal Information.
< Purposes for Using Personal Information >
· For corporate management of group companies
· For appropriate and smooth performance of transaction with the relevant individual
3. Provision of Personal Data to Third Parties and Obtainment Thereof from Third Parties
(1) We will not offer personal data (excluding individual numbers and specific personal information; See 7 below.) to third parties without prior consent from the relevant individual except for the following cases:
(i) When required to do so by laws and regulations;
(ii) When offering the information to consigned companies(including those located overseas), to the extent necessary for operations;
(iii) When offering the information to third parties via procedures based on Article 23, paragraph (2) of the Act on the Protection of Personal Information (i.e. opting out);
(iv) When sharing information between our Group companies (please refer to item 5 below).
(2) When we have provided personal data to a third party, except when required to do so by laws and regulations, we will record the details about such provision (when, to whom, what personal data, etc.). When we have been provided with personal data by a third party, we will confirm and record the details about such provision (when, from which party, what personal data, how the third party concerned obtained the personal data in question, etc.).
4. Consignment of Personal Data Handling
We may provide a certain portion of obtained personal information (including individual numbers and specific personal information as specified in 7 below) to external third parties(including those located overseas) for consigned operations within the extent necessary to accomplish the purposes of use. According to pre-set criteria for selecting consigned companies, we will check their information management system and conduct other necessary and adequate supervision on the consigned company prior to making an order and trusting personal data to it.
5. Shared Use of Personal Data
For MS&AD Insurance Group Holdings, Inc. (hereinafter, the "Holding Company") to manage the business of the MS&AD Insurance Group companies, MS&AD Insurance Group may share personal data (excluding individual numbers and specific personal information; See 7 below.) between the Holding Company and the MS&AD Insurance Group companies based on the following conditions.
(1) Items of personal data
a) Shareholder information (name, address, number of shares, etc.)
b) Customer information held by the Holding Company or the Group companies (name, address, phone number, email address, gender, date of birth, other information related to customer transactions such as those noted in contract forms or information regarding insured events, etc).
(2) Scope of users of shared information and management representative
Users of shared information are domestic and overseas insurance companies, reinsurance companies, and related companies of the MS&AD Insurance Group. (Click here to see the users.) The management representative for the shared use of information will be the Holding Company.
6. Handling of Sensitive Information
We will not obtain, use, or offer to third parties sensitive information such as 1) any type of information for which special care is required, as stipulated in Article 2 Paragraph 3 of the Personal Information Protection Act, or 2) any personal information relating to matters such as labor union membership, family background, domicile of origin, medical history and sexual orientation, unless otherwise stipulated by the Act on the Protection of Personal Information, other laws, regulations or guidelines.
7. Handling of specific personal information, etc.
We will neither acquire nor use individual numbers or specific personal information as provided for by the My Number Act for any purpose other than those restrictively specified in said Act. We will not provide individual numbers or specific personal information to any third party except in those cases which are restrictively specified in the My Number Act. Furthermore, we will not use individual numbers or specific personal information in a shared manner, as stated in 5 above.
8. Request for Notification, Disclosure, Corrections, etc.
Please refer to the information desk below for requests for notification, disclosure, corrections, etc. of matters regarding information that we hold under the Act on the Protection of Personal Information (including individual numbers and specific personal information as specified in 7 above) or discontinuation, etc. of their use.
We will reserve the right to verify the identity of the claimant, who will be required to complete the prescribed forms and the application procedure. In principle, requests will be answered in writing at a later date. At the time of responding, we will require claimants to pay the standard fees for any requests for disclosure.
If we find that information about the claimant is incorrect, we will correct the information based on the results of our investigation.
9. Summary of Secure Management Procedures for Personal Data
We will make efforts to prevent leakage, damage, or defamation of personal data (including individual numbers and specific personal information as specified in 7 above). It will also ensure adequate security measures such as the maintenance of policies regarding use as well as that of systems in place for secure management procedures.
Please contact the information desk below for queries regarding secure management procedures.
10. Handling of Anonymously Processed Information
(1) Creation of Anonymously Processed Information
When creating anonymously processed information (information relating to an individual that can be created from processing personal information, by taking action stipulated in laws and regulations so as to make it impossible either to identify a specific individual or to restore the original personal information), we will observe the following requirements:
(i) Information shall be processed appropriately in accordance with standards stipulated in laws and regulations.
(ii) Security control action shall be taken in accordance with standards stipulated in laws and regulations so as to prevent leakage of deleted information and information relating to processing methods.
(iii) Items of information contained in anonymously processed information shall be disclosed to the public.
(iv) No action shall be taken to identify the first person relating to personal information used to create the anonymously processed information concerned.
(2) Provision of Anonymously Processed Information
When providing anonymously processed information to a third party, we will disclose to the public the items of information relating to an individual contained in such anonymously processed information as well as the method of provision, and we will state to the third party explicitly to the effect that the information being provided is anonymously processed information.
11. Information Desk
We will respond quickly and appropriately to complaints and requests for consultations regarding its handling of personal information (including individual numbers and specific personal information as specified in 7 above). Please contact the desk below for enquiries, disclosure, corrections, etc. regarding the handling of personal information, requests for discontinuation, etc. of use of personal data, and questions about secure management procedures.
< Contact Desk >
MS&AD Insurance Group Holdings, Inc. Data Management Department
Telephone Number: 03-5117-0225
Business Hours: 9:00-17:00 (Monday through Friday)
* The office is closed during the year-end and new-year period and public holidays.